Sandworm Team

Sandworm Team is a Russian cyber espionage group that has operated since approximately 2009. The group likely consists of Russian pro-hacktivists. Sandworm Team targets mainly Ukrainian entities associated with energy, industrial control systems, SCADA, government, and media. Sandworm Team has been linked to the Ukrainian energy sector attack in late 2015. [1] [2]

ID: G0034
Aliases: Sandworm Team, Quedagh, VOODOO BEAR
Version: 1.0

Alias Descriptions

Name          | Description
Sandworm Team | [1] [3] [4]
Quedagh       | Based on similarities between TTPs, malware, and targeting, Sandworm Team and Quedagh appear to refer to the same group. [1] [3]
VOODOO BEAR   | [2]

Software

ID    | Name        | Techniques
S0089 | BlackEnergy | Bypass User Account Control, Credentials in Files, Fallback Channels, File and Directory Discovery, File Deletion, File System Permissions Weakness, Indicator Removal on Host, Input Capture, Network Service Scanning, New Service, Peripheral Device Discovery, Process Discovery, Process Injection, Registry Run Keys / Startup Folder, Screen Capture, Shortcut Modification, Standard Application Layer Protocol, System Information Discovery, System Network Configuration Discovery, System Network Connections Discovery, Windows Admin Shares, Windows Management Instrumentation

References